Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-19 | CVE-2024-47159 | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 user without appropriate permissions could restore workflows attached to a project | 4.3 |
2024-09-19 | CVE-2024-47160 | Incorrect Authorization vulnerability in Jetbrains Youtrack In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible | 5.3 |
2024-09-15 | CVE-2024-46918 | Incorrect Authorization vulnerability in Misp app/Controller/UserLoginProfilesController.php in MISP before 2.4.198 does not prevent an org admin from viewing sensitive login fields of another org admin in the same org. | 4.9 |
2024-09-12 | CVE-2024-2743 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables. | 9.1 |
2024-09-11 | CVE-2024-8691 | Incorrect Authorization vulnerability in Paloaltonetworks Pan-Os A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. | 7.1 |
2024-09-11 | CVE-2024-4465 | Incorrect Authorization vulnerability in Nozominetworks CMC and Guardian An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges. If a logged-in user with reporting privileges learns how to create a specific application request, they might be able to make limited changes to the reporting configuration. | 5.0 |
2024-09-10 | CVE-2024-42423 | Incorrect Authorization vulnerability in Citrix Workspace 23.9.0.24.4 Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled for WebLogin. | 7.1 |
2024-09-10 | CVE-2024-44114 | Incorrect Authorization vulnerability in SAP Netweaver Application Server Abap SAP NetWeaver Application Server for ABAP and ABAP Platform allow users with high privileges to execute a program that reveals data over the network. | 2.7 |
2024-09-09 | CVE-2024-8601 | Incorrect Authorization vulnerability in Techexcel Back Office Software This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain API endpoints. | 6.5 |
2024-09-04 | CVE-2024-34642 | Incorrect Authorization vulnerability in Samsung Android 12.0/13.0/14.0 Improper authorization in One UI Home prior to SMR Sep-2024 Release 1 allows physical attackers to temporarily access sensitive information. | 4.6 |